Build type `maven` requires a so-called aggregator pom which includes all modules to be scanned. If used in an MTA project which includes non-Java submodules as Maven dependencies (e.g. Node via frontend-maven-plugin), exclude those by specifying the Java path explicitly, e.g. `java/**/src/main/java/**/*`.
Besides triggering a scan, the step verifies the results after they have been uploaded and processed by Fortify SSC. By default the following KPIs are enforced:
* All issues must be audited from the Corporate Security Requirements folder.
* All issues must be audited from the Audit All folder.
* At least one issue per category must be audited from the Spot Checks of Each Category folder.
* Nothing needs to be audited from the Optional folder.
Defines a custom version for the Fortify scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
It also allows non-numeric versions and supersedes the automatically calculated value of [`version`](#version).
The parameter is also used by other scan steps (e.g. Detect, Sonar, WhiteSource) and thus allows a common custom version across scan tools.
  description: Version used in conjunction with [`versioningModel`](#versioningModel) to identify the Fortify project to be created and used for results aggregation.
  longDescription: |-
    Version used in conjunction with [`versioningModel`](#versioningModel) to identify the Fortify project to be created and used for results aggregation.
    This is usually determined automatically based on the information in the buildTool-specific build descriptor file.

  description: Influences whether a report is generated or not
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: false
- name: serverUrl
  aliases:
    - name: fortifyServerUrl
    - name: sscUrl
      deprecated: true
  type: string
  description: "Fortify SSC URL to be used for accessing the APIs"
  mandatory: true
  scope:
    - GENERAL
    - PARAMETERS
    - STAGES
    - STEPS
- name: pullRequestMessageRegexGroup
  type: int
  description: "The group number for extracting the pull request id in `'pullRequestMessageRegex'`"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: 1
- name: deltaMinutes
  type: int
  description:
    "The number of minutes for which an uploaded FPR artifact is considered to be recent and
    healthy; if exceeded, an error will be thrown"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: 5
- name: spotCheckMinimum
  type: int
  description:
    "The minimum number of issues that must be audited per category in the `Spot Checks of each
    Category` folder to avoid an error being thrown"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: 1
- name: fprDownloadEndpoint
  aliases:
    - name: fortifyFprDownloadEndpoint
  type: string
  description: "Fortify SSC endpoint for FPR downloads"
  scope:
    - GENERAL
    - PARAMETERS
    - STAGES
    - STEPS
  default: "/download/currentStateFprDownload.html"
- name: versioningModel
  aliases:
    - name: defaultVersioningModel
      deprecated: true
  type: string
  description:
    "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`,
    `'major-minor'`, `'semantic'`, `'full'`"
  scope:
    - PARAMETERS
    - GENERAL
    - STAGES
    - STEPS
  default: "major"
  possibleValues:
    - major
    - major-minor
    - semantic
    - full
- name: pythonInstallCommand
  type: string
  description:
    "Additional install command that can be run when `buildTool: 'pip'`
    is used which allows further customizing the execution environment of the scan"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: "{{.Pip}} install --user ."
- name: reportTemplateId
  type: int
  description: "Report template ID to be used for generating the Fortify report"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: 18
- name: filterSetTitle
  type: string
  description: "Title of the filter set to use for analysing the results"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: "SAP"
- name: pullRequestName
  type: string
  description:
    "The name of the pull request branch which will trigger creation of a new version in Fortify
    SSC based on the master branch version"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
- name: pullRequestMessageRegex
  type: string
  description: "Regex used to identify the PR-XXX reference within the merge commit message"
  scope:
    - PARAMETERS
    - STAGES
    - STEPS
  default: '.*Merge pull request #(\\d+) from.*'
- name: buildTool
  type: string
  description: "Scan type used for the step which can be `'maven'`, `'pip'`"
  scope:
    - GENERAL
    - PARAMETERS
    - STAGES
    - STEPS
  default: maven
# Global maven settings, should be added to all maven steps
- name: projectSettingsFile
  type: string
  description: Path to the mvn settings file that should be used as project settings file.
  scope:
    - GENERAL
    - STEPS
    - STAGES
    - PARAMETERS
  aliases:
    - name: maven/projectSettingsFile
- name: globalSettingsFile
  type: string
  description: Path to the mvn settings file that should be used as global settings file.
  scope:
    - GENERAL
    - STEPS
    - STAGES
    - PARAMETERS
  aliases:
    - name: maven/globalSettingsFile
- name: m2Path
  type: string
  description: Path to the location of the local repository that should be used.
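The two parameter groups above that shape the SSC version name (`versioningModel` applied to the build descriptor version, and `pullRequestMessageRegex` plus `pullRequestMessageRegexGroup` applied to a merge commit message) are illustrated by the following added Go example. It is not code from the Piper step; the exact truncation rules for the four versioning models and the sample commit message are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// applyVersioningModel derives the SSC project version from the build descriptor
// version. Assumed semantics (not taken from the step's source): "major" keeps the
// first dotted component, "major-minor" the first two, "semantic" the first three,
// "full" returns the version string untouched.
func applyVersioningModel(model, version string) (string, error) {
	parts := strings.Split(version, ".")
	keep := map[string]int{"major": 1, "major-minor": 2, "semantic": 3}
	switch model {
	case "full":
		return version, nil
	case "major", "major-minor", "semantic":
		n := keep[model]
		if len(parts) < n {
			n = len(parts) // short versions such as "2" are returned as they are
		}
		return strings.Join(parts[:n], "."), nil
	}
	return "", fmt.Errorf("unknown versioningModel %q", model)
}

// extractPullRequestID applies pullRequestMessageRegex to a merge commit message and
// returns the capture group selected by pullRequestMessageRegexGroup. A group index
// outside the regex's groups is reported instead of silently returning "".
func extractPullRequestID(message, pattern string, group int) (string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return "", err
	}
	m := re.FindStringSubmatch(message)
	if m == nil {
		return "", errors.New("merge commit message does not match pullRequestMessageRegex")
	}
	if group < 1 || group >= len(m) {
		return "", fmt.Errorf("pullRequestMessageRegexGroup %d out of range, regex has %d group(s)", group, len(m)-1)
	}
	return m[group], nil
}

func main() {
	// Constructed sample merge commit subject, matched with the step's default group 1.
	id, err := extractPullRequestID("Merge pull request #4711 from feature/fortify-gate", `.*Merge pull request #(\d+) from.*`, 1)
	v, _ := applyVersioningModel("major-minor", "1.4.2")
	fmt.Println(id, err, v)
}
```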